Question

Nginx converts POST request to GET request Laravel

Posted December 16, 2020 2k views
NginxAPILaravel

I have a running a Laravel project on Nginx, every thing works fine except when I want to login via the API, I use Passport for authentication, but when I try to login it returns with 404 and a message “The GET method is not supported for this route. Supported methods: POST.”, although it works fine via php artisan serve

Here is my request:
URL: http://my_droplet_ip/oauth/token
Body:

{
    "username": "user_name",
    "password": "secret",
    "client_id": 3,
    "client_secret": "client_sercret",
    "grant_type": "",
    "scope": "*"
}

The response :

Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException: The GET method is not supported for this route. Supported methods: POST. in file /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Routing/AbstractRouteCollection.php on line 117

#0 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Routing/AbstractRouteCollection.php(103): Illuminate\Routing\AbstractRouteCollection->methodNotAllowed()
#1 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Routing/AbstractRouteCollection.php(40): Illuminate\Routing\AbstractRouteCollection->getRouteForMethods()
#2 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Routing/RouteCollection.php(162): Illuminate\Routing\AbstractRouteCollection->handleMatchedRoute()
#3 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Routing/Router.php(639): Illuminate\Routing\RouteCollection->match()
#4 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Routing/Router.php(628): Illuminate\Routing\Router->findRoute()
#5 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Routing/Router.php(617): Illuminate\Routing\Router->dispatchToRoute()
#6 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(165): Illuminate\Routing\Router->dispatch()
#7 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#8 /home/nginx/zacampus/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(60): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#9 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Barryvdh\Debugbar\Middleware\InjectDebugbar->handle()
#10 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#11 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
#12 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(116): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#13 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\Session\Middleware\StartSession->handleStatefulRequest()
#14 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Session\Middleware\StartSession->handle()
#15 /home/nginx/zacampus/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#16 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\Proxy\TrustProxies->handle()
#17 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#18 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#19 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#20 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#21 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#22 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
#23 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#24 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle()
#25 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#26 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(140): Illuminate\Pipeline\Pipeline->then()
#27 /home/nginx/zacampus/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(109): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#28 /home/nginx/zacampus/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle()
#29 {main}

My nginx site-available configuration


server {
    listen 80 default_server;
    listen [::]:80;

    root /home/nginx/zacampus/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Add-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS';    

    index index.php index.html index.htm;
    charset utf-8;

    server_name 134.122.100.243;

    access_log /home/nginx/logs/zacampus_logs/access.log;
    error_log /home/nginx/logs/zacampus_logs/error.log;


    location / {
        try_files $uri $uri/ $uri/index2.php =404;

        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range';
                add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range';
            } 
        if ($request_method = 'GET') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Control-Type, Range';
                add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range';
        }



    }

    location /oauth/token {
        try_files $uri $uri/ = 404;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    location ~ /\.ht { deny all; }
    error_page 404 /index.php;

    location ~ \.php$ {     
        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

}

My last line from access.log

196.221.196.151 - - [16/Dec/2020:17:53:46 +0000] "POST /oauth/token HTTP/1.1" 404 195971 "-" "PostmanRuntime/7.26.5"

Note:
It works fine when using php artisan serve

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

I solved it by adding SSL certification to the server and enabling HTTPS in server configuration.

Hi there @abdelnasserahmed96,

What is the main reason for having the location /oauth/token part in the Nginx config?

    location /oauth/token {
        try_files $uri $uri/ = 404;
    }

As a test what I could suggest is using the Nginx configuration provided by the official Laravel Documentation, and then gradually adding the additional configuration settings that you have one by one to see which of those could be causing the issue for you.

Let me know how it goes!
Regards,
Bobby

  • Hi Bobby, thanks for your reply.
    I have followed the official documentation for Laravel, it works well for web routes but not for API’s.
    The reason for

       location /oauth/token {
            try_files $uri $uri/ = 404;
        }
    

    Is for sign in API, and also the traditional location / doesn’t work.

    • Hi there @abdelnasserahmed96,

      I’ve tested this on my end, and it looks like that the = 404; bit is causing the unwanted POST to GET translation.

      I’ve got it working on my end by changing it to:

          location /oauth/token {
              try_files $uri $uri/ /index.php?$query_string;
          }
      

      Regards,
      Bobby

      • I tried it now, but it gives me File not found
        Also I discovered that it’s a general problem in all POST requests.

        • Hello,

          Do you have an index.php file in there? Also, have you modified your Laravel core files in any way? As I can see that in your Nginx config you are using index2.php rather than index.php.

          If this is the case you need to set the try_files rule to match the Laravel index file.

          Regards,
          Bobby

          • Hello, I really appreciate your help,
            My index page named index2.php so that’s why I redirect to it, any way I have unified all the not found redirection to index2 and tried with index at well, here is the results:
            In index2.php
            It converts the request to GET and gives the same error.

            In index.php
            It gives a 404 with a home page without CSS.